[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cryptography
Subject:    Re: Open Source Embedded SSL - Export Questions
From:       Bill Stewart <bill.stewart () pobox ! com>
Date:       2003-11-28 7:24:29
[Download RAW message or body]

At 02:45 PM 11/27/2003 +1100, Greg Rose wrote:
>At 12:27 PM 11/27/2003, Thor Lancelot Simon wrote:
>>RC4 is extremely weak for some applications.
>>A block cipher is greatly preferable.
>
>I'm afraid that I can't agree with this howling logical error.
>RC4 is showing its age, but there are other stream ciphers
>that are acceptable, and there are block ciphers
>(such as FEAL, same vintage as RC4) that aren't even vaguely secure.

Well, to be more precise,
RC4 has restrictions on the ways you can use it that
make its crypto strength fail very badly if you violate them,
and because it's an XOR stream cypher there are sometimes
things you can't do with it that you could do with a block cypher.
RC4 does also have the historical problem that people sometimes
decide to use it with 40-bit keys because they can...

OTOH, of course being a block cypher isn't enough to guarantee
either strength or usefulness, e.g. bass-o-matic.







---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
[prev in list] [next in list] [prev in thread] [next in thread]